US10623184B2 - Smart resource access for decrypted information - Google Patents
- Publication number
- US10623184B2
- Authority
- US
- United States
- Prior art keywords
- resource
- parameter
- program instructions
- processors
- encrypted
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active, expires
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/316—User authentication by observing the pattern of computer usage, e.g. typical user behaviour
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2133—Verifying human interaction, e.g., Captcha
Definitions
- the present invention relates generally to the field of restricting access to a resource, and more particularly to encrypting the resource until an event transpires and then permitting access to the resource.
- data cryptography or data encryption is the process of encoding messages or information in such a way that only authorized parties can read the messages or information. Encryption does not of itself prevent interception, but denies the message content to the interceptor.
- the message or information referred to as plaintext, is encrypted using an encryption algorithm, generating cipher text that can only be read if decrypted. An authorized recipient can easily decrypt the message with the key provided by the originator to recipients, but not to unauthorized interceptors.
- a first aspect of the present invention provides a method for protecting a resource.
- a processor receives a resource and a parameter, wherein the parameter indicates a condition upon which the resource will be made accessible.
- a processor encrypts the resource.
- a processor associates the parameter with decryption information for the encrypted resource.
- a processor sends the encrypted resource to a computing device.
- a processor determines that the condition of the parameter has been met based on external information regarding the parameter.
- a processor sends the decryption information to the computing device.
- a second aspect of the present invention provides a computer program product for protecting a resource.
- a processor receives a resource and a parameter, wherein the parameter indicates a condition upon which the resource will be made accessible.
- a processor encrypts the resource.
- a processor associates the parameter with decryption information for the encrypted resource.
- a processor sends the encrypted resource to a computing device.
- a processor determines that the condition of the parameter has been met based on external information regarding the parameter.
- a processor sends the decryption information to the computing device.
- a third aspect of the present invention provides a computer system for protecting a resource.
- a processor receives a resource and a parameter, wherein the parameter indicates a condition upon which the resource will be made accessible.
- a processor encrypts the resource.
- a processor associates the parameter with decryption information for the encrypted resource.
- a processor sends the encrypted resource to a computing device.
- a processor determines that the condition of the parameter has been met based on external information regarding the parameter.
- a processor sends the decryption information to the computing device.
- FIG. 1 illustrates a block diagram depicting a computing environment, according to an embodiment of the present invention.
- FIG. 2 illustrates a flowchart of the operational steps taken by an authorization program to protect a resource until an event transpires and then to permit access to the resource, within the computing environment of FIG. 1 , according to an embodiment of the present invention.
- FIG. 3 illustrates a block diagram depicting the internal and external components of the server and recipient computing device of FIG. 1 , according to an embodiment of the present invention.
- aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module”, or “system.” Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code/instructions embodied thereon.
- Embodiments of the present invention disclose an approach to deny access to a resource until a predetermined time frame or triggering event occurs, then to permit access to the resource.
- Embodiments of the present invention encrypt the resource and then decrypt the resource once a specific triggering event occurs.
- FIG. 1 illustrates a block diagram of computing environment 100 in accordance with one embodiment of the present invention.
- FIG. 1 provides an illustration of one embodiment and does not imply any limitations regarding computing environment 100 in which different embodiments may be implemented.
- computing environment 100 includes, but is not limited to network 102 , server 104 , and computing device 112 .
- Computing environment 100 may include additional computing devices, servers, computers, components, or additional devices not shown. It should be appreciated FIG. 1 provides only an illustration of one implementation and does not imply any limitations with regard to the environments in which different embodiments may be implemented. Many modifications to the depicted environment may be made.
- Network 102 may be a local area network (LAN), a wide area network (WAN) such as the Internet, the public switched telephone network (PSTN), any combination thereof, or any combination of connections and protocols that support communications between server 104 and vehicle computing device 108 , in accordance with embodiments of the invention.
- Network 102 may include wired, wireless, or fiber optic connections.
- Server 104 may be a management server, a web server, or additional electronic device or computing system capable of processing program instructions and receiving and sending data.
- server 104 may be a laptop computer, tablet computer, netbook computer, personal computer (PC), desktop computer, or any programmable electronic device.
- server 104 may represent a server computing system utilizing multiple computers as a server system, such as in a cloud computing environment.
- server 104 represents a computing system utilizing clustered computers and nodes to act as a single pool of seamless resources.
- server 104 includes authorization program 106 and database 110 .
- server 104 may include additional programs, storage devices, or components. Server 104 may include components, as depicted and described in further detail with respect to FIG. 3 .
- Authorization program 106 controls the process of protecting or limiting access to the resource file 110 , and applying the triggering event which releases the decryption method or key to allow the user permission to access the resource file 110 .
- a resource can be any document or application which can be created, modified, or viewed on a computing device. Examples of a resource include a deed, a contract, lecture notes, PowerPoint presentations, or any other document which a user decides to apply parameters to the resource in order to limit access to the resource until a specific triggering event has occurred or a time limit has expired.
- the parameters associated with, or related to, these and additional resources can be, for example, accessible by the parties which have access to the resource, or the parameters can be hidden from the parties which have access to the resource.
- triggering event parameters are the events which access function 106 uses to determine when the resource can be made accessible to the users.
- the triggering events can be, for example, a predetermined time frame passing, the death of a person, the sale of a house, a financial event such as a drop or spike in stock prices, an emergency situation, the conclusion of a conference or class, or any event which can transpire which authorization program 106 is able to gather information about, or which a third party can inform authorization program 106 has occurred.
- Authorization program 106 informs and/or permits access to the resource to specified users when the triggering event occurs and the resource is accessible.
- authorization program 106 is located on server 104 .
- authorization program 106 may be located on additional servers, provided authorization program 106 has access to and/or is accessible to resource file 110 , encryption function 108 , and recipient computing device 112 .
- authorization program 106 includes encryption function 108 .
- Encryption function 108 encrypts the resource file 110 and controls the decryption process of the resource when requested to decrypt the resource.
- the decryption process can be performed by encryption function 108 .
- the decryption process occurs on the client end, and encryption function 108 supplies the client with the necessary information (e.g., decryption key or password) to decrypt the document or application.
- Encryption function 108 turns the resource into a protected format through an encryption process.
- Encryption function 108 can apply a number of different encryption techniques to the resource file 110 to protect the resource file 110 from unapproved access.
- encryption function 108 performs symmetric encryption. Symmetric encryption scrambles the resource file 110 into an unreadable format.
- This unreadable format is encrypted and decrypted with a single key, which a substantial number of users who are accessing resource file 110 have access to.
- in symmetric encryption, the decryption of resource file 110 is done in a similar manner to the encryption, with the use of the single key.
- encryption function performs asymmetric encryption, which scrambles the resource into an unreadable format and uses a series of keys.
- in asymmetric encryption, there are different types of keys: a private key, which is not shared, and public keys, which are shared.
- encryption function 108 uses additional methods of encryption not described to protect resource file 110 from being accessed prior to the parameters being reached or triggering event transpiring.
- encryption function 108 is located on authorization program 106 .
- encryption function 108 may be located on additional servers provided authorization program 106 has access to encryption function 108 .
- encryption function 108 may be a function of additional programs, or a standalone program located on server 104 or an additional server or computing device, provided encryption function 108 is accessible to authorization program 106 .
- Resource file 110 may be a single file or a group of files which may be written to and/or read by authorization program 106 or encryption function 108 .
- resource file 110 includes, for example, a resource and at least one triggering event associated with the resource.
- Resource file 110 can be, for example, the documents or applications which are to be encrypted, or the keys associated with the decryption of the documents or applications.
- resource file 110 may be written to and/or read by authorization program 106 and/or additional computing devices, servers, computers, components, or additional devices not shown.
- database 110 is stored on server 104 .
- database 110 may reside on an alternative server, computer, or computing device, provided database 110 is able to communicate with authorization program 106 and additional devices, programs, and components (not shown).
- Recipient computing device 112 may be a desktop computer, laptop computer, tablet computer, netbook computer, personal computer (PC), mobile device, or any programmable electronic device capable of communicating with authorization program 106 or resource file 110 via network 102 .
- Recipient computing device 112 receives either the encrypted resource file 110 , or the decrypted resource file 110 . If recipient computing device 112 receives the encrypted resource file 110 then the recipient cannot access the file until the requirements are met to decrypt resource file 110 .
- recipient's computing device 112 may be any electronic device or computing system capable of sending and receiving data, and communicating with server 104 via network 102 . In the depicted embodiment, recipient's computing device 112 communicates with server 104 via network 102 .
- FIG. 2 illustrates a flowchart of the operational steps taken by authorization program 106 to protect a resource through encryption, within computing environment 100 on FIG. 1 , in accordance with an embodiment of the present invention.
- Flowchart 200 depicts the steps taken by authorization program 106 to apply encryption and triggering event parameters to resource file 110 and monitor resource file 110 until the triggering event parameters have been met, then decrypt resource file 110 for the approved users.
- FIG. 2 provides only an illustration of one implementation and does not imply any limitations with regard to the environments in which different embodiments may be implemented. Many modifications to the depicted environment may be made.
- encryption function 108 configures the triggering event.
- the triggering event may be, for example, a temporal event (e.g., a time period after the start of a conference call, a date/time), a financial event (e.g., a specified stock meeting a certain price), an environmental event (e.g., an earthquake, temperature spike), a personal event (e.g., the birth of a child, the marriage of a person) or another type of event.
- the triggering event may be any type of real world event that can be monitored.
- encryption function 108 receives a request from a user to protect resource file 110 .
- Encryption function 108 configures the triggering event associated with resource file 110 .
- the triggering event is specified by the user attempting to encrypt resource file 110 .
- a triggering event describes a triggering event, time period, or other set of one or more parameters which must be met before decryption of resource file 110 is allowed.
- Encryption function 108 incorporates the triggering event, time period, or other parameters which are associated with resource file 110 which need to transpire before the decryption process begins. These parameters can be hidden or public from recipients of the encrypted resource, depending on the preferences of the user or entity that caused resource file 110 to be encrypted by encryption function 108 .
- the user or another entity informs encryption function 108 of the triggering event which must transpire for the decryption to begin.
- configuring the triggering event results in encryption function 108 monitoring the resource and the triggering event (see step 208 ). For example, if the triggering event specifies that “Stock A” must reach a specified price before the decryption key for the encrypted resource may be released, then encryption function 108 may monitor the stock market, and more specifically, the sale price of “Stock A” until the specified price has been reached.
- the triggering event may be the marriage of a person.
- encryption function 108 may configure the triggering event to monitor local newspapers or other informational databases or resources that could include text information regarding the marriage of the person, such as, for example, a wedding announcement in the local newspaper. Based on the specific triggering event and the parameters associated with the triggering event to cause encryption function 108 to decrypt the encrypted resource, encryption function 108 may monitor a variety of resources, and select which resources to monitor when configuring the triggering event.
- encryption function 108 encrypts the resource.
- Encryption function 108 may receive encryption parameters specifying a desired type of encryption to apply to resource file 110 .
- Encryption function 108 applies the desired type of encryption to resource file 110 , e.g., symmetrical, asymmetrical, or another form of encryption.
- encryption function 108 performs the type of encryption specified by a user or another entity.
- encryption function 108 selects the type of encryption.
- Encryption function 108 uses the configured encryption parameters to perform the intended encryption method and/or process.
- the encryption parameters can be symmetrical encryption, asymmetrical encryption, or another form of encryption.
- Upon encrypting the resource, encryption function 108 associates the decryption information (e.g., decryption key) with the previously configured triggering event such that encryption function 108 does not release the decryption information until the triggering event parameter(s) have been met.
- encryption function 108 distributes the encrypted resource. Encryption function 108 distributes the encrypted resource to the intended destinations or recipients. In additional embodiments, encryption function 108 distributes the encrypted resource to recipient computing device 112 or another database or repository. In additional embodiments, encryption function 108 informs the recipient that the encrypted resource has been distributed to recipient computing device 112 .
- encryption function 108 monitors the triggering event.
- the trigger event can be, for example, the passage of a set amount of time, a specific date being reached, a user approving the release of the decryption method/key, or another criterion being met.
- encryption function 108 monitors the triggering event using keyword search, applying natural language processing (NLP) or semantic analysis to the content to identify a subject for the reference.
- encryption function 108 monitors the trigger event using various natural language processing techniques on the text regarding the triggering event.
- encryption function 108 performs natural language processing including semantic typing with n-gram analysis.
- encryption function 108 searches for the specified triggering event through keyword searches, optimization processes, or other forms of monitoring processes which scan repositories and computing devices connected to network 102 for information related to the specified triggering event. This information can be, for example, an obituary in a newspaper or other database, a stock price reaching a predetermined value, or the sending of an email to employees within a corporation. Encryption function 108 may, for example, gain access to repositories or additional computing devices connected to network 102 to determine that a specific triggering event has occurred, or that a time limit specified by the triggering event has expired. In additional embodiments, encryption function 108 monitors resource file 110 and the triggering event to determine if premature attempts are made to access resource file 110 .
- encryption function 108 determines if the triggering event has occurred. Encryption function 108 determines if the triggering event has occurred/expired based on the information obtained from monitoring the triggering event (see step 208 ). In one embodiment, encryption function 108 uses natural language processing as described in step 208 to determine if the triggering event has occurred. If encryption function 108 determines the triggering event has occurred (YES branch, proceed to decision 212 ), encryption function 108 proceeds to release the decryption method or key. If encryption function 108 determines the triggering event has not occurred (NO branch, proceed to decision 208 ), encryption function 108 continues to monitor for the triggering event to occur.
- encryption function 108 releases the decryption method or key. Once encryption function 108 determines the required triggering event has occurred, encryption function 108 releases the decryption method or key to the preapproved recipient via network 102 to recipient's computing device 112 . The recipient then has access to decrypt resource file 110 and view resource file 110 . In one embodiment, encryption function 108 releases the decryption method or key for a predetermined time period before the decryption method or key expires; after the expiration of the decryption method or key, the recipient can no longer view resource file 110 . In additional embodiments, the decryption method or key expires after a specified number of uses (e.g., uses of the key to access the resource).
- encryption function 108 decrypts resource file 110 and sends the decrypted resource to recipient's computing device 112 . In additional embodiments, encryption function 108 decrypts resource file 110 and alerts the recipients as well as sends the decrypted resource to recipient's computing device 112 .
- FIG. 3 depicts a block diagram 300 of components of server 104 and recipient computing device 112 , in accordance with an illustrative embodiment of the present invention. It should be appreciated FIG. 3 provides only an illustration of one implementation and does not imply any limitations with regard to the environments in which different embodiments may be implemented. Many modifications to the depicted environment may be made.
- Server 104 and recipient computing device 112 include communications fabric 302 , which provides communications between computer processor(s) 304 , memory 306 , persistent storage 308 , communications unit 310 , and input/output (I/O) interface(s) 312 .
- Communications fabric 302 may be implemented with any architecture designed for passing data and/or control information between processors (such as microprocessors, communications and network processors, etc.), system memory, peripheral devices, and any additional hardware components within a system.
- Communications fabric 302 may be implemented with one or more buses.
- Memory 306 and persistent storage 308 are computer-readable storage media.
- memory 306 includes random access memory (RAM) and cache memory 314 .
- In general, memory 306 may include any suitable volatile or non-volatile computer-readable storage media.
- Memory 306 is stored for execution by one or more of the respective computer processors 304 of server 104 and recipient computing device 112 via one or more memories of memory 306 of server 104 and recipient computing device 112 .
- persistent storage 308 includes a magnetic hard disk drive.
- persistent storage 308 may include a solid state hard drive, a semiconductor storage device, read-only memory (ROM), erasable programmable read-only memory (EPROM), flash memory, or any additional computer-readable storage media that is capable of storing program instructions or digital information.
- the media used by persistent storage 308 may also be removable.
- a removable hard drive may be used for persistent storage 308 .
- Additional examples include optical and magnetic disks, thumb drives, and smart cards that are inserted into a drive for transfer onto another computer-readable storage medium that is also part of persistent storage 308 .
- Communications unit 310 in the examples, provides for communications with additional data processing systems or devices, including server 104 and recipient computing device 112 .
- communications unit 310 includes one or more network interface cards.
- Communications unit 310 may provide communications through the use of either or both physical and wireless communications links.
- I/O interface(s) 312 allows for input and output of data with additional devices that may be connected to server 104 and recipient computing device 112 .
- I/O interface 312 may provide a connection to external devices 316 such as a keyboard, keypad, camera, a touch screen, and/or some additional suitable input device.
- external devices 316 may also include portable computer-readable storage media such as, for example, thumb drives, portable optical or magnetic disks, and memory cards.
- authorization program 106 and encryption function 108 may each be stored on such portable computer-readable storage media and may be loaded onto persistent storage 308 of server 104 and recipient computing device 112 via I/O interface(s) 312 of server 104 and recipient computing device 112 .
- I/O interface(s) 312 also connect to a display 318 .
- Display 318 provides a mechanism to display data to a user and may be, for example, a computer monitor.
- the present invention may be a system, a method, and/or a computer program product.
- the computer program product may include a computer readable storage medium (or media) having computer readable program instructions thereon for causing a processor to carry out aspects of the present invention.
- the computer readable storage medium may be a tangible device that may retain and store instructions for use by an instruction execution device.
- the computer readable storage medium may be, for example, but is not limited to, an electronic storage device, a magnetic storage device, an optical storage device, an electromagnetic storage device, a semiconductor storage device, or any suitable combination of the foregoing.
- a non-exhaustive list of more specific examples of the computer readable storage medium includes the following: a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), a static random access memory (SRAM), a portable compact disc read-only memory (CD-ROM), a digital versatile disk (DVD), a memory stick, a floppy disk, a mechanically encoded device such as punch-cards or raised structures in a groove having instructions recorded thereon, and any suitable combination of the foregoing.
- a computer readable storage medium is not to be construed as being transitory signals per se, such as radio waves or additional freely propagating electromagnetic waves, electromagnetic waves propagating through a waveguide or additional transmission media (e.g., light pulses passing through a fiber-optic cable), or electrical signals transmitted through a wire.
- Computer readable program instructions described herein may be downloaded to respective computing/processing devices from a computer readable storage medium or to an external computer or external storage device via a network, for example, the Internet, a local area network, a wide area network and/or a wireless network.
- the network may include copper transmission cables, optical transmission fibers, wireless transmission, routers, firewalls, switches, gateway computers and/or edge servers.
- a network adapter card or network interface in each computing/processing device receives computer readable program instructions from the network and forwards the computer readable program instructions for storage in a computer readable storage medium within the respective computing/processing device.
- Computer readable program instructions for carrying out operations of the present invention may be assembler instructions, instruction-set-architecture (ISA) instructions, machine instructions, machine dependent instructions, microcode, firmware instructions, state-setting data, or either source code or object code written in any combination of one or more programming languages, including an object oriented programming language such as Smalltalk, C++ or the like, and conventional procedural programming languages, such as the “C” programming language or similar programming languages.
- The computer readable program instructions may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server.
- The remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
- Electronic circuitry including, for example, programmable logic circuitry, field-programmable gate arrays (FPGA), or programmable logic arrays (PLA) may execute the computer readable program instructions by utilizing state information of the computer readable program instructions to personalize the electronic circuitry, to perform aspects of the present invention.
- The computer readable program instructions may be provided to a processor of a general purpose computer, special purpose computer, or additional programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or additional programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
- The computer readable program instructions may also be stored in a computer readable storage medium that may direct a computer, a programmable data processing apparatus, and/or additional devices to function in a particular manner, such that the computer readable storage medium having instructions stored therein comprises an article of manufacture including instructions which implement aspects of the function/act specified in the flowchart and/or block diagram block or blocks.
- The computer readable program instructions may also be loaded onto a computer, additional programmable data processing apparatus, or additional device to cause a series of operational steps to be performed on the computer, additional programmable apparatus or additional device to produce a computer implemented process, such that the instructions which execute on the computer, additional programmable apparatus, or additional device implement the functions/acts specified in the flowchart and/or block diagram block or blocks.
- Each block in the flowchart or block diagrams may represent a module, segment, or table of instructions, which comprises one or more executable instructions for implementing the specified logical function(s).
- The functions noted in the block may occur out of the order noted in the figures.
- Two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- General Physics & Mathematics (AREA)
- Bioethics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Social Psychology (AREA)
- Storage Device Security (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/868,801 US10623184B2 (en) | 2015-09-29 | 2015-09-29 | Smart resource access for decrypted information |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/868,801 US10623184B2 (en) | 2015-09-29 | 2015-09-29 | Smart resource access for decrypted information |
Publications (2)
Publication Number | Publication Date |
---|---|
US20170093574A1 (en) | 2017-03-30 |
US10623184B2 (en) | 2020-04-14 |
Family
ID=58409359
Family Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US14/868,801 Active 2035-12-23 US10623184B2 (en) | 2015-09-29 | 2015-09-29 | Smart resource access for decrypted information |
Country Status (1)
Country | Link |
---|---|
US (1) | US10623184B2 (en) |
Citations (28)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5109413A (en) | 1986-11-05 | 1992-04-28 | International Business Machines Corporation | Manipulating rights-to-execute in connection with a software copy protection mechanism |
US6351813B1 (en) | 1996-02-09 | 2002-02-26 | Digital Privacy, Inc. | Access control/crypto system |
US20020048369A1 (en) * | 1995-02-13 | 2002-04-25 | Intertrust Technologies Corp. | Systems and methods for secure transaction management and electronic rights protection |
US20020111946A1 (en) * | 2000-09-29 | 2002-08-15 | Jill Fallon | Systems and methods for a personal, universal, integrated organizer for legacy planning and storage |
US20030061511A1 (en) * | 2001-09-27 | 2003-03-27 | Todd Fischer | Secure communication of information via a communication network |
GB2386710A (en) | 2002-03-18 | 2003-09-24 | Hewlett Packard Co | Controlling access to data or documents |
US20040123104A1 (en) * | 2001-03-27 | 2004-06-24 | Xavier Boyen | Distributed scalable cryptographic access contol |
US20070030964A1 (en) * | 2005-08-04 | 2007-02-08 | Sony Corporation | Method, apparatus, and program for processing information |
US20070192114A1 (en) * | 2006-01-30 | 2007-08-16 | Parpala Davaid J | Method of automated estate management |
US20080005024A1 (en) | 2006-05-17 | 2008-01-03 | Carter Kirkwood | Document authentication system |
US20080141040A1 (en) * | 2006-12-08 | 2008-06-12 | Microsoft Corporation | Secure data protection during disasters |
US7392547B2 (en) | 2003-06-27 | 2008-06-24 | Microsoft Corporation | Organization-based content rights management and systems, structures, and methods therefor |
US7418737B2 (en) * | 2001-06-13 | 2008-08-26 | Mcafee, Inc. | Encrypted data file transmission |
US20090025063A1 (en) | 2007-07-18 | 2009-01-22 | Novell, Inc. | Role-based access control for redacted content |
US20090141902A1 (en) * | 2007-12-01 | 2009-06-04 | Electronic Data Systems Corporation | Apparatus and method for securing data in computer storage |
US20100138656A1 (en) | 2008-11-28 | 2010-06-03 | International Business Machines Corporation | Shielding a Sensitive File |
JP2010244432A (en) | 2009-04-08 | 2010-10-28 | Nippon Telegr & Teleph Corp <Ntt> | File sharing system, shared file server device, file sharing method, access control method of shared file server device, and programs thereof |
US20120210126A1 (en) | 2011-02-10 | 2012-08-16 | SecurenCrypt, LLC | Document encryption and decryption |
US20130064365A1 (en) * | 2011-09-09 | 2013-03-14 | Fujitsu Limited | Data Destruction |
US8458454B2 (en) | 2007-08-24 | 2013-06-04 | Mitsubishi Electric Corporation | Conditional access apparatus |
US20130332991A1 (en) | 2006-11-08 | 2013-12-12 | Citrix Systems, Inc. | Method and system for dynamically associating access rights with a resource |
US20140233740A1 (en) * | 2011-09-23 | 2014-08-21 | Nederlandse Organisatie Voor Toegepast-Natuurwetenschappelijk Onderzoek Tno | Secure Distribution of Content |
US20140281545A1 (en) * | 2013-03-12 | 2014-09-18 | Commvault Systems, Inc. | Multi-layer embedded encryption |
US20140344941A1 (en) * | 2011-11-14 | 2014-11-20 | St-Ericsson Sa | Method for managing public and private data input at a device |
US20140359291A1 (en) | 2011-10-28 | 2014-12-04 | The Digital Filing Company Pty Ltd | Registry |
US20150180659A1 (en) * | 2013-12-23 | 2015-06-25 | Electronics And Telecommunications Research Institute | Apparatus and method for giving the compressed encryption functionality to integer-based homomorphic encryption schemes |
US20170098090A1 (en) * | 2014-06-24 | 2017-04-06 | Hewlett-Packard Development Company, L.P. | Composite Document Access |
US20180007059A1 (en) | 2014-09-30 | 2018-01-04 | Citrix Systems, Inc. | Dynamic Access Control to Network Resources Using Federated Full Domain Logon |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7549482B2 (en) * | 2007-07-13 | 2009-06-23 | Cnh America Llc | Implement with two stage folding wing |
US8487634B2 (en) * | 2008-09-25 | 2013-07-16 | Enmetric Systems, Inc. | Smart electrical wire-devices and premises power management system |
US9245176B2 (en) * | 2012-08-01 | 2016-01-26 | Disney Enterprises, Inc. | Content retargeting using facial layers |
TWM443502U (en) * | 2012-08-03 | 2012-12-21 | Pu Yuan Biotech Co Ltd | Blood glucose meter device combined with mobile electronic device |
- 2015-09-29: US application US14/868,801 (patent US10623184B2), status: Active
Non-Patent Citations (4)
Title |
---|
"A Lightweight and Safe File Protection System"; IP.com Prior Art Database Technical Disclosure; IP.com No. 000236659; Electronic Publication: May 8, 2014; pp. 1-4. |
"FileOpen Document Protection Software Try it Free for 14 Days."; FileOpen Systems; Printed on: Jun. 22, 2015; pp. 1-2; <http://www.fileopen.com/document-protection-trial>. |
"Pinion Software Announces New ShareSafe(TM) File Security Solutions"; Business Wire; May 1, 2007; Printed on: Jun. 22, 2015; pp. 1-2; <http://www.businesswire.com/news/home/20070501005717/en/Pinion-Software-Announces-ShareSafe-TM-File-Security#.VYg7rUZyKSd>. |
IBM; "Time restrictions on files."; IP.com Prior Art Database Technical Disclosure; IP.com No. 000016246; Electronic Publication: Jun. 21, 2003; Original Publication Date: Oct. 5, 2002; pp. 1-3. |
Also Published As
Publication number | Publication date |
---|---|
US20170093574A1 (en) | 2017-03-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11973860B1 (en) | Systems and methods for encryption and provision of information security using platform services | |
USRE49904E1 (en) | Systems and methods for cloud data security | |
US9619659B1 (en) | Systems and methods for providing information security using context-based keys | |
Hon et al. | The problem of ‘personal data’ in cloud computing: what information is regulated?—the cloud of unknowing | |
US9373001B2 (en) | Distributed encryption and access control scheme in a cloud environment | |
JP6622196B2 (en) | Virtual service provider zone | |
US9202076B1 (en) | Systems and methods for sharing data stored on secure third-party storage platforms | |
CA3027741A1 (en) | Blockchain systems and methods for user authentication | |
US20140281520A1 (en) | Secure cloud data sharing | |
Secara | Zoombombing–the end-to-end fallacy | |
US20200145389A1 (en) | Controlling Access to Data | |
CN115004639B (en) | Encryption of message queues | |
Murray et al. | Cloud service security & application vulnerability | |
Opderbeck | Encryption Policy and Law Enforcement in the Cloud | |
US10623184B2 (en) | Smart resource access for decrypted information | |
US20220309181A1 (en) | Unstructured data access control | |
US20210288798A1 (en) | Jigsaw key encryption/decryption | |
EP3557469B1 (en) | System, method and computer program for secure data exchange | |
Agarkhed et al. | Data De-duplication Scheme for File Checksum in Cloud | |
Chowdhury | Towards Human-Centric Endpoint Security (Transcript of Discussion) | |
Beley et al. | A Management of Keys of Data Sheet in Data Warehouse | |
Ruiz et al. | Security Issue on Cloned TrueCrypt Containers and Backup Headers | |
Thumar et al. | A Framework for Secure Data Storage in Mobile Cloud Computing | |
Adeppa | Security analysis in cloud computing environment | |
Engwall | Exploring information security and shared encrypted spaces in libraries |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | AS | Assignment | Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW YORK. Free format text: ASSIGNMENT OF ASSIGNORS INTEREST; ASSIGNORS: D'ELENA, DANIEL F.; MARTINEZ, ANTHONY E.; MICHELINI, VANESSA V.; AND OTHERS; SIGNING DATES FROM 20150922 TO 20150923; REEL/FRAME: 036680/0426 |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: NON FINAL ACTION MAILED |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: RESPONSE TO NON-FINAL OFFICE ACTION ENTERED AND FORWARDED TO EXAMINER |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION |
| | STPP | Information on status: patent application and granting procedure in general | Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS |
| | STCF | Information on status: patent grant | Free format text: PATENTED CASE |
| | MAFP | Maintenance fee payment | Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY. Year of fee payment: 4 |